The renewed terms of use for WhatsApp messaging raise new questions for both employers and employees. The policy is not without consequences for the lives of companies and their employees. Certain risks may appear, both legal and technical.
Is GDPR Strictly Observed?
In terms of law, the conditions of use and the confidentiality policy of WhatsApp constitute the framework of the legal relations between companies and their users. Under the conditions which are now offered, WhatsApp details the services it provides, the commitments it makes and provides for certain limitations of liability in the event of failure of its services.
In its new privacy policy, the messaging system explains how it collects data from its users, what types of data are collected, and for what purposes. The question here is to know, on the one hand, whether the provisions of these conditions and the confidentiality policy comply with the law applicable, in this case, the GDPR; on the other hand, if these provisions respect in concreto the principles to which they are committed.
Also Read: Create WhatsApp Shop With Product Catalog (Update)
New Behaviors To Adopt?
What behavior to adopt in such a context? In business as elsewhere, the first could be to refuse this new confidentiality policy altogether. In this case, the consequences are clear. As WhatsApp states in its new regulation, “for a short time, you will be able to receive calls and notifications, but you will not be able to read or send messages from the app.”
This is where the shoe pinches because, after 120 days of inactivity, WhatsApp accounts are generally deleted. But this provision could be subject to legal debate if we consider that Whatsapp is forcing here and therefore vitiates the consent of its users. Users.
Thus, especially if data processing has several purposes, people must choose those for which they consent freely. On this point, the CNIL is watching.
It has already had the opportunity to sanction Google on this subject for violating this principle. If a company decides to adopt WhatsApp as a professional messaging system, the confidentiality of the data will be respected a priori (WhatsApp does not allow a priori to store its messages on its servers, except for exceptions listed in its policy).
From this point of view, the use of messaging, therefore, does not pose a significant difficulty … unless malicious software were to directly infect your device or an employee inadvertently forwarded a confidential professional message to a third person in his circle. Private!
This enlightens us on two points: on the one hand, the need to protect devices for professional use, particularly smartphones and tablets; on the other hand, the vigilance that it will be advisable to always have from now on vis-à-vis the use of WhatsApp, messaging with which we are used to increasing the number of private exchanges. To what extent would it be necessary here to encourage the use of two different laptops? This question deserves to be asked.
Ban Sensitive Information On WhatsApp?
All this pleads in favor of the establishment, within the company itself, of a usage policy. This is particularly true for SMEs, where the WhatsApp Business application could be called upon to play a significant role in links with customers. A tip for general managers: it will undoubtedly be advisable to ban the sharing of sensitive information via WhatsApp messaging because a company does not control the destination of the data stored on each personal smartphone of its employees.
Remember: during 2020, instant messaging made the mistake of allowing search engines to access pages containing invitation links and personal information of WhatsApp groups when these should not have been indexed… An episode that illustrates the risks of leaks. Does this change in WhatsApp’s privacy rules signify a significant difference? Not necessarily when you consider that our data is always prey over which cybercriminals hover.
In addition, we observe that the notion of “free and informed” consent remains at the heart of the concerns of regulatory authorities such as the CNIL. But the debate is not useless for all that. It is there to make companies even more aware of the misuse that can be made of their confidential data. Acculturation seems more necessary than ever and calls each of us to our duties of conformity and vigilance!
Also Read: How To Stop People From Adding You To WhatsApp Groups